
Excerpts from mail: 30-Jan-96 Re: Authentication of crypt.. Adam Shostack@homeport.o (4311*)
A crypto provider can't protect itself from requests to do things. What it might be able to do is find out what program is in that memory space and tell the user "FV keyboard scanner would like to run IDEA on 128 bytes of data. Allow?"
There are flaws in this 'who's that knocking on my door?' approach....
Yeah, the flaws are pretty bad. We tried this approach in "active mail" systems back in the early-to-mid-1980s. The user was asked to assess his trust level for the email-received code that was trying to run. The problem we found was that even relatively sophisticated users were very quick to be fooled into believing that the "From" address was legitimate.

Similarly, I suspect that if I named my keyboard scanner "Windows 95", most people would probably be fooled, and the fact that your API asked the question would only make the user feel MORE secure about saying "yes".....

--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com
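The point both messages make, as an added illustration that is not from either author: a prompt built from the caller's self-reported name authorizes whatever the caller claims to be, whereas a policy keyed on a digest of the code actually occupying the memory space is not fooled by a renamed program. The request structure, the policy functions and the sample program images are all constructed for this example.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class CryptoRequest:
    claimed_name: str     # unauthenticated: whatever the caller says about itself
    program_image: bytes  # constructed stand-in for the code in the caller's memory space
    algorithm: str
    data_len: int


def prompt_text(req: CryptoRequest) -> str:
    """The user-facing question from the original proposal (name comes from the caller)."""
    return (f'{req.claimed_name} would like to run {req.algorithm} '
            f'on {req.data_len} bytes of data. Allow?')


def name_policy(req: CryptoRequest, trusted_names: set[str]) -> bool:
    """Trust decision keyed on the self-reported name: spoofable by renaming."""
    return req.claimed_name in trusted_names


def image_policy(req: CryptoRequest, trusted_digests: set[str]) -> bool:
    """Trust decision keyed on a digest of the program image: renaming changes nothing."""
    return hashlib.sha256(req.program_image).hexdigest() in trusted_digests


# Constructed sample "program images" standing in for real binaries.
OS_IMAGE = b"constructed: genuine system component"
SCANNER_IMAGE = b"constructed: keyboard scanner that copies keystrokes"

TRUSTED_NAMES = {"Windows 95"}
TRUSTED_DIGESTS = {hashlib.sha256(OS_IMAGE).hexdigest()}

genuine = CryptoRequest("Windows 95", OS_IMAGE, "IDEA", 128)
# The scanner simply adopts the trusted name, as the reply anticipates.
impostor = CryptoRequest("Windows 95", SCANNER_IMAGE, "IDEA", 128)


def evaluate(req: CryptoRequest) -> dict[str, bool]:
    """Run both policies so the difference is visible side by side."""
    return {"by_name": name_policy(req, TRUSTED_NAMES),
            "by_image": image_policy(req, TRUSTED_DIGESTS)}


if __name__ == "__main__":
    for label, req in (("genuine", genuine), ("impostor", impostor)):
        print(label, "|", prompt_text(req), "|", evaluate(req))
```

Both requests produce an identical prompt, so the user has no basis to answer differently; only the digest-based policy distinguishes them.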